A Bill Regular Session, 2005 HOUSE BILL 2904



Similar documents
The General Assembly of the Commonwealth of Pennsylvania hereby enacts as follows:

SP0346, LD 1029, item 1, 123rd Maine State Legislature An Act To Create the Maine Spyware Prevention Act

Computer Security (Spyware)

RHODE ISLAND IDENTITY THEFT RANKING BY STATE: Rank 34, 56.0 Complaints Per 100,000 Population, 592 Complaints (2007) Updated January 5, 2009

WASHINGTON IDENTITY THEFT RANKING BY STATE: Rank 13, 76.4 Complaints Per 100,000 Population, 4942 Complaints (2007) Updated January 11, 2009

Acceptable Use Policy

[First Reprint] SENATE COMMITTEE SUBSTITUTE FOR. SENATE, No STATE OF NEW JERSEY. 211th LEGISLATURE ADOPTED MARCH 8, 2004

CUSTOMER INFORMATION COMMZOOM, LLC PRIVACY POLICY. For additional and updated information, please visit our website at

ACCEPTABLE USE POLICY OF BROADVOX, INC; BROADVOX, LLC; (COLLECTIVELY BROADVOX )

Acceptable Usage Policy

1 Introduction. Agenda Item: Work Item:

1 Introduction. Agenda Item: Work Item:

Broadband Acceptable Use Policy

Technical Standards for Information Security Measures for the Central Government Computer Systems

Website Terms and Conditions. by SEQ Legal

PLEASE READ. The official text of New Jersey Statutes can be found through the home page of the New Jersey Legislature

TERMS OF SERVICE TELEPORT REQUEST RECEIVERS

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

How To Monitor The Internet In Idaho

Lectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003

E-BUSINESS THREATS AND SOLUTIONS

Tele-Media Cable Internet Acceptable Use Policy

Fusion Acceptable Use Policy. Effective Feb 2, 2015

SOCIAL SECURITY NUMBER PRIVACY ACT (EXCERPT) Act 454 of This act shall be known and may be cited as the "social security number privacy act".

Network Security Policy

Acceptable Use Policy of UNWIRED Ltd.

ACCEPTABLE USAGE PLOICY

TERMS AND CONDITIONS OF SERVICE

Information Technology Cyber Security Policy

MCOLES Information and Tracking Network. Security Policy. Version 2.0

Franciscan University of Steubenville Information Security Policy

A Bill Regular Session, 2015 SENATE BILL 830

109TH CONGRESS 1ST SESSION. discourage spyware, and for other purposes. To amend title 18, United States Code, to AN ACT H. R. 744

Computer Crime Laws, Trends and Security Basics

Online (Internet) Banking Agreement and Disclosure

Spyware. Summary. Overview of Spyware. Who Is Spying?

By writing to: Cougar Wireless, Attention: Customer Service, 4526 S. Regal St., Suite A, Spokane, WA., 99224

Data Loss Prevention Program

HIPAA Security Training Manual

H. R. IN THE HOUSE OF REPRESENTATIVES A BILL

Commercial Internet Banking Agreement and Disclosures

Website Hosting Agreement

Acceptable Use Policy

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Acceptable Usage Policy

Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers Your Interactive Guide to the Digital World

ContentPros LLC Web Site and Hosting Service Agreement

Acceptable Use Policy ("AUP")

SUMMARY OF PUBLIC LAW THE CAN-SPAM ACT OF 2003

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

The Armstrong Chamberlin Web Hosting Acceptable Use Policy ("AUP")

FMS Bank s Internet Banking Accounts Access Agreement

IBM Managed Security Services (Cloud Computing) hosted and Web security - express managed Web security

You must be at least 18 years of age to use our website. By using our website you warrant and represent that you are at least 18 years of age.

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

Countermeasures against Bots

Terms and Conditions. Introduction

Hotwire Communications High-Speed Internet Acceptable Use Policy

INFORMATION SECURITY & PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY APPLICATION

OIG Fraud Alert Phishing

EMPLOYEE ACCESS RELEASE AND AUTHORIZATION FORM MCS warehouse form No

Acceptable Use (Anti-Abuse) Policy

HTC Communications Acceptable Use Policy High Speed Internet Service Page 1 of 5. HTC Communications

Countermeasures against Spyware

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

APPROPRIATE USE OF INFORMATION POLICY 3511 TECHNOLOGY RESOURCES ADOPTED: 06/17/08 PAGE 1 of 5

Texas Security Freeze Law

B R I G H T B Y T E LT D. H O S T I N G T E R M S O F S E R V I C E S

MEDJOBBERS.COM & JOBBERS INC TERMS AND CONDITIONS

S. ll IN THE SENATE OF THE UNITED STATES A BILL

APPENDIX W - REGULATIONS - IDENTITY THEFT CHAPTER 45F. IDENTITY THEFT

Verified by Visa Terms of Service Credit Card Accounts

COB 302 Management Information System (Lesson 8)

Embedded Network Solutions Australia Pty Ltd (ENSA) INTERNET ACCEPTABLE USE POLICY

Guideline on Auditing and Log Management

Virgin Media Business Acceptable Use Policy (Internet)

CUSTOMER PRIVACY STATEMENT

SAAS MADE EASY: SERVICE LEVEL AGREEMENT

ACCEPTABLE USE POLICY

Network Security Policy

ON-LINE BANKING, BILL PAYER and MOBILE BANKING Terms and Conditions Effective 5/14/12

Chapter No. 911] PUBLIC ACTS, CHAPTER NO. 911 HOUSE BILL NO. 3403

Consumer Software Working Group

Legislative Language

SOUTH DAKOTA BOARD OF REGENTS. Policy Manual

TERMS OF SERVICE. This Agreement shall be construed in all respects in accordance with the laws of the province of Ontario and Canada.

Cablelynx Acceptable Use Policy

State of Michigan Department of Technology, Management & Budget. Acceptable Use of Information Technology (former Ad Guide 1460.

VIRGIN BROADBAND BROADBAND SERVICES DESCRIPTION 1 ABOUT THIS SERVICE DESCRIPTION HOW WILL WE NOTIFY YOU OF CHANGES TO THE AGREEMENT?.

Computer Use Policy Approved by the Ohio Wesleyan University Faculty: March 24, 2014

FKCC AUP/LOCAL AUTHORITY

Harvard University Payment Card Industry (PCI) Compliance Business Process Documentation

COLORADO IDENTITY THEFT RANKING BY STATE: Rank 8, 89.0 Complaints Per 100,000 Population, 4328 Complaints (2007) Updated November 28, 2008

CYBER LIABILITY AND PRIVACY CRISIS MANAGEMENT EXPENSE APPLICATION

ACE DigiTech SM Digital Technology & Professional Liability Small Business Application

Asheboro City Schools 1:1 Laptop Handbook for Elementary and Middle Schools

INFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE. I. GENERAL INFORMATION Full Name:

Policy for the Acceptable Use of Information Technology Resources

ELECTRONIC SERVICES AGREEMENT

CODE OF CONDUCT regarding the Data Storage Web Health History ("W.H.H.") Service called Lifepassport provided by Meshpass SA

Transcription:

0 Stricken language would be deleted from and underlined language would be added to the law as it existed prior to this session of the General Assembly. Act of the Regular Session State of Arkansas th General Assembly As Engrossed: S//0 A Bill Regular Session, 0 HOUSE BILL 0 By: Representatives D. Evans, Pace, Dobbins For An Act To Be Entitled AN ACT TO PROTECT CONSUMERS FROM THE IMPROPER USE OF COMPUTER SPYWARE; AND FOR OTHER PURPOSES. Subtitle TO PROTECT CONSUMERS FROM THE IMPROPER USE OF COMPUTER SPYWARE. BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF ARKANSAS: SECTION. Arkansas Code Title is amended to add an additional chapter to read as follows: Chapter 0 -- INFORMATION TECHNOLOGY Subchapter -- Consumer Protection Against Computer Spyware Act -0-0. Short title. This subchapter shall be known and cited as the "Consumer Protection Against Computer Spyware Act". -0-0. Definitions. As used in this subchapter: () "Advertisement" means a communication, the primary purpose of which is the commercial promotion of a commercial product or service, including content on an Internet website operated for a commercial purpose; () "Authorized user", with respect to a computer, means a person that owns or is authorized by the owner or lessee to use the computer. () "Bundled software" means software that is acquired through the installation of a large number of separate programs in a single *DLP* 0-0-0 : DLP

0 installation when the programs are wholly unrelated to the purpose of the installation as described to the authorized user; ()(A) Caused to be copied means to distribute or transfer computer software or any component of computer software. (B) Caused to be copied does not include providing: (i) Transmission, routing, intermediate temporary storage, or caching of software; (ii) A compact disk, website, computer server, or other storage medium through which the software was distributed by a third party; or (iii) A directory, index, reference, pointer, hypertext link, or other information location tool through which the user of the computer located the software; () "Computer software" means a sequence of instructions written in any programming language that is executed on a computer, but does not include a text or data file, including a cookie; () "Computer virus" means a computer program or other set of instructions that is designed to do the following acts without the authorization of the owner or owners of a computer or computer network: (A) Degrade the performance of or disable a computer or computer network; and (B) Have the ability to replicate itself on another computer or computer network; () "Damage" means any significant impairment to the integrity, confidentiality, or availability of data, software, a system, or information, including, but not limited to, the: (A) Significant and intentional degradation of the performance of a computer or a computer network; or (B) Intentional disabling of a computer or computer network; () "Distributed denial of service" or "DDoS attack" means techniques or actions involving the use of one () or more damaged computers to damage another computer or a targeted computer system in order to shut the computer or computer system down and deny the service of the damaged computer or computer system to legitimate users; () "Execute", when used with respect to computer software, 0-0-0 : DLP

0 means the performance of the functions or the carrying out of the instructions of the computer software; (0) "Hardware" means a comprehensive term for all of the discrete physical parts of a computer as distinguished from: (A) The data the computer contains or that enables it to operate; and (B) The software that provides instructions for the hardware to accomplish tasks; () "Intentionally deceptive" means with the intent to deceive an authorized user in order to either damage a computer or computer system or wrongfully obtain personally identifiable information without authority: (A) To make an intentional and materially false or fraudulent statement; (B) To make a statement or description that intentionally omits or misrepresents material information; or (C) An intentional and material failure to provide any notice to an authorized user regarding the download or installation of software; () "Internet" means: (A) The international computer network of both federal and nonfederal interoperable packet switched data networks; or (B) The global information system that: (i) Is logically linked together by a globally unique address space based on the Internet Protocol (IP), or its subsequent extensions; (ii) Is able to support communications using the Transmission Control Protocol/Internet Protocol (TCP/IP) suite, or its subsequent extensions, or other IP-compatible protocols; and (iii) Provides, uses, or makes accessible, either publicly or privately, high level services layered on the communications and related infrastructure described in this subdivision (); () "Internet address" means a specific location on the Internet accessible through a universal resource locator or Internet protocol address; () "Person" means one () or more individuals, partnerships, corporations, limited liability companies, or other organizations; 0-0-0 : DLP

0 () "Personally identifiable information" means any of the following if it allows the entity holding the information to identify an authorized user by: (A) First name or first initial in combination with last name; (B) Credit or debit card numbers or other financial account numbers; (C) A password or personal identification number or other identification required to access an identified account other than a password, personal identification number, or other identification transmitted by an authorized user to the issuer of the account or its agent; (D) A social security number; or (E) Any of the following information in a form that personally identifies an authorized user: (i) Account balances; (ii) Overdraft history; (iii) Payment history; (iv) A history of websites visited; (v) Home address; (vi) Work address; or (vii) A record of a purchase or purchases; and () "Phishing" means the use of electronic mail or other means to imitate a legitimate company or business in order to entice the user into divulging passwords, credit card numbers, or other sensitive information for the purpose of committing theft or fraud. -0-0. Unlawful acts Exceptions. (a) A person that is not an authorized user shall not with actual knowledge, with conscious avoidance of actual knowledge, or willfully cause computer software to be copied onto any computer in this state and use the software to: () Modify, through intentionally deceptive means, any of the following settings related to the computer's access to, or use of, the Internet: (A) Which page appears when an authorized user launches an Internet browser or similar software program used to access and navigate the 0-0-0 : DLP

0 Internet; (B) The default provider or web proxy the authorized user uses to access or search the Internet; (C) The authorized user's list of bookmarks used to access web pages; or (D) Settings in computer software or in a text or data file on the computer that are used to resolve a universal resource locator or other location identifier used to access a public or private network; () Collect, through intentionally deceptive means, personally identifiable information about the authorized user that: (A) Is collected through the use of a keystroke-logging function that records all keystrokes made by an authorized user that uses the computer and transmits the information from the computer to another person; (B) Includes all or substantially all of the Internet addresses visited by an authorized user, other than Internet addresses of the provider of the software, if the computer software was installed in an intentionally deceptive manner to conceal from all authorized users of the computer the fact that the software is being installed; (C) Is extracted from a computer hard drive for a purpose wholly unrelated to any of the purposes of the software or service as described to the authorized user; or (D) Is collected by extracting screen shots of an authorized user s use of the computer for a purpose wholly unrelated to any of the purposes of the software or service as described to the authorized user; () Prevent without authorization from the authorized user through intentionally deceptive means an authorized user's reasonable efforts to block the installation of or disable software by causing software that the authorized user has properly removed or disabled to automatically reinstall or reactivate on the computer without the authorization of an authorized user; () Intentionally misrepresent that software will be uninstalled or disabled by an authorized user's action, with knowledge that the software will not be uninstalled or disabled; or () Through intentionally deceptive means remove, disable, or render inoperative security, antispyware, or antivirus software installed on 0-0-0 : DLP

0 the computer. (b) A person that is not an authorized user shall not with actual knowledge, with conscious avoidance of actual knowledge, or willfully: () Cause computer software to be copied onto any computer in this state and use the software to take control of a computer by: (A) Transmitting or relaying without the authorization of an authorized user commercial electronic mail or a computer virus from the consumer's computer; (B) Accessing or using the authorized user's modem or Internet service for the purpose of causing: (i) Damage to the authorized user's computer; or (ii) An authorized user to incur financial charges for a service that is not authorized by the authorized user; (C) Using the consumer's computer as part of an activity performed by a group of computers for the purpose of causing damage to another computer, including, but not limited to, launching a denial of service attack; or (D) Opening multiple, sequential, stand-alone advertisements in the authorized user's Internet browser without the authorization of an authorized user and with knowledge that a reasonable computer user can not close the advertisements without turning off the computer or closing the authorized user's Internet browser; () Without authorization obtain the ability to use one () or more computers of other end users on a network to send commercial electronic mail, to damage other computers, or to locate other computers vulnerable to an attack without: (A) Notice to or knowledge of the owners of the computers or computer networks; or (B) A prior or existing personal, business, or contractual relationship with the owner or owners of the computer or computer networks; () Modify any of the following settings related to the computer's access to, or use of, the Internet: (A) An authorized user's security or other settings that protect information about the authorized user for the purpose of stealing personal information of an authorized user; or (B) The security settings of the computer for the purpose 0-0-0 : DLP

0 of causing damage to one () or more computers; () Prevent without the authorization of an authorized user an authorized user's reasonable efforts to block the installation of or disable software by presenting the authorized user with an option to decline installation of software with knowledge that when the option is selected by the authorized user the installation nevertheless proceeds; or () Intentionally interfere with an authorized user s attempt to uninstall the software by: (A) Leaving behind without authorization on the authorized user s computer for the purpose of evading an authorized user's attempt to remove the software from the computer hidden elements of the software that are designed to and will reinstall the software or portions of the software; (B) Intentionally causing damage to or removing any vital component of the operating system; (C) Falsely representing that software has been disabled; (D) Changing the name, location, or other designation information of the software for the purpose of preventing an authorized user from locating the software to remove it; (E) Using randomized or intentionally deceptive file names, directory folders, formats, or registry entries for the purpose of avoiding detection and removal of the software by an authorized user; (F) Causing the installation of software in a particular computer directory or computer memory for the purpose of evading an authorized user's attempt to remove the software from the computer; (G) Requiring completion of a survey to uninstall software unless reasonably related to the uninstallation; or (H) Requiring, without the authority of the owner of the computer, that an authorized user obtain a special code or download a special program from a third party to uninstall the software. (c) A person that is not an authorized user shall not with regard to any computer in this state: () Induce an authorized user to install a software component onto the computer by intentionally misrepresenting that installing software is necessary for security or privacy reasons or in order to open, view, or play a particular type of content or software; or () Deceptively cause the copying and execution on the computer 0-0-0 : DLP

0 of a computer software component with the intent of causing an authorized user to use the component in a way that violates any other provision of this section. (d) No person shall engage in phishing. (e) A person that is not an authorized user shall not with actual knowledge, with conscious avoidance of actual knowledge, or willfully cause computer software to be copied onto any computer in this state to carry out any of the violations described in subsections (a) -- (d) of this section for a purpose wholly unrelated to any of the purposes of the software or service as described to the authorized user if the software is installed in an intentionally deceptive manner that: () Exploits a security vulnerability in the computer; or () Bundles the software with other software without providing prior notice to the authorized user of the name of the software and that the software will be installed on the computer. (f) Any provision of a consumer contract that permits an intentionally deceptive practice prohibited under this section is not enforceable. (g) This section shall not apply to any monitoring of, or interaction with, a subscriber's Internet or other network connection or service, or a protected computer, in accordance with the relationship or agreement between the owner of the computer or computer system used by the authorized user and a: () Telecommunications or Internet service provider; () Cable Internet provider; () Computer hardware or software provider; or () Provider of information service or interactive computer service for: (A) Network or computer security purposes; (B) Diagnostics; (C) Technical support; (D) Repair; (E) Authorized updates of software or system firmware; (F) Authorized remote system management; (G) Network management or maintenance; or (H) Detection or prevention of the unauthorized use or fraudulent or other illegal activities in connection with a network, service, 0-0-0 : DLP

0 or computer software, including scanning for and removing software proscribed under this subchapter. (i) Notwithstanding any other provision of this subchapter, the provisions of this subchapter shall not apply to: () The installation of software that falls within the scope of a grant of authorization by an authorized user; () The installation of an upgrade to a software program that has already been installed on the computer with the authorization of an authorized user; or () The installation of software before the first retail sale and delivery of the computer. -0-0. Penalties. Any violation of this subchapter is punishable by action of the Attorney General under the Deceptive Trade Practices Act, --0 et seq. -0-0. Use of Spyware Monitoring Fund. (a) All fines and penalties collected under -0-0 shall be paid to the Treasurer of State for the benefit of the Spyware Monitoring Fund to be used by the Attorney General to: () Investigate potential violations and enforce the provisions of this subchapter; and () Establish and maintain a website to: (A) Provide information concerning: (i) The availability of computer software to combat spyware; and (ii) False representations about the effectiveness of specific antispyware software; (B) Promote consumer awareness about spyware, antispyware, and computer fraud; (C) Educate consumers about: (i) Spyware, computer fraud, and the effects of spyware and computer fraud upon consumer privacy and computer systems; and (ii) How to access or obtain computer software to combat spyware; and (D) Provide consumers with links to antispyware websites 0-0-0 : DLP

0 with helpful information. (b) The Attorney General is authorized to request an appropriation from the fund to offset his or her salary and administrative expenses directly related to the enforcement of this subchapter and the administration of the website. SECTION. Title, Chapter, Subchapter, is amended to add an additional section to read as follows: --. Spyware Monitoring Fund. There is established on the books of the Treasurer of State, the Auditor of State, and the Chief Fiscal Officer of the State a fund to be known as the "Spyware Monitoring Fund" to be used by the Attorney General to offset his or her salary and administrative expenses directly related to the enforcement of the Consumer Protection Against Computer Spyware Act, -0-0 et seq. and administration of the website required by the act. /s/ D. Evans APPROVED: //0 0 0-0-0 : DLP

0-0-0 : DLP

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information